Zapier says someone broke into its code repositories and may have accessed customer data
Zapier informed customers on Friday that an aunauthorized usera accessed acertain Zapier code repositoriesa and may have gained access to customer information as a result. The customer data had been ainadvertently copied to the repositories for debugging purposes,a according to an email obtained by The Verge.
The company says it became aware of the unauthorized access on Thursday. When it did, the company aimmediately secured access to the repositories and invalidated the unauthorized user's access,a the email says. Zapier says that the incident adid not affect any Zapier database, infrastructure or production, authentication, or payment systems.a
The code repos shouldnat have included customer data. But after auditing them, Zapier discovered that some information had been ainadvertentlya copied over. Zapieras platform allows users to create automations that work across other companiesa apps and services, potentially putting it in the middle of a lot of sensitive information.
The hacker was able to access the repositories because of a atwo-factor authentication (2FA) misconfiguration on an employee's account.a The company says it is now conduct …